Privacy Policy

Important information and who we are

In this privacy policy, references to "we", "us" and "our" are to "Widgit Software Ltd". References to "personal data" or "personal details" are to any information about an individual from which they can be identified.

We have appointed a data privacy manager who can respond to questions about this privacy policy and to any requests to exercise your legal rights. To contact the data privacy manager, email privacy@widgit.com or write to:

Privacy
Widgit Software
Bishops House
Artemis Drive
Tachbrook Park
Warwick
CV34 6UD
United Kingdom

For EEA Residents: You can contact us using the details above or via our EU representative by emailing eurep@widgit.com, telephoning +46 850249258 or writing to:

DPO
Olof Palmes Gata 29
4th Floor
111 12
Stockholm
Sweden

This privacy policy was last updated on the 19th August 2025.

Security

We have security measures in place to prevent your personal data from being accidentally lost, disclosed, used or accessed in an unauthorised way. We also limit access to your data to the employees and third parties that need access to it.

All Widgit staff with access to your data are subject to a duty of confidence and have been trained in privacy awareness and the handling of personal data.

Exercising Your Rights

You have certain rights in relation to your personal data. If you wish to exercise any of the rights described here, please contact us using the details in "Important information and who we are".

• Withdraw consent at any time
  If we are relying on consent to process your personal data then you can withdraw that consent at any time. This does not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
• Request access to your personal data
  You can ask for a copy of the personal data we hold about you to check that we are lawfully processing it.
• Request correction of the personal data that we hold about you
  You can ask us to correct any incomplete or inaccurate data we hold about you. Note that we may need to verify the accuracy of the new data you provide to us.
• Request erasure of your personal data
  You can ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see "Your right to object"), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with applicable law. Note that we may not always be able to comply with your request of erasure for specific legal reasons which you will be informed of, if applicable, at the time of your request.
• Object to processing of your personal data
  You have the right to object to processing of your personal data where we are relying on a legitimate interest (or that of a third party) and you feel that it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
• Request restriction of processing of your personal data
  You can ask us to suspend the processing of your personal data:
  1. if you want us to establish the data's accuracy
  2. where our use of the data is unlawful but you do not want us to erase it
  3. where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims
  4. when you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
• Request the transfer of your personal data to you or to a third party
  You can ask us to provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to information that you initially provided consent for us to use or where we used the information to perform a contract with you.

Your personal data

Any personal data we collect will be used in accordance with the UK General Data Protection Regulation in addition to all applicable law concerning the processing of personal data and privacy. If you have opted to be kept informed of any of our products or services, we will use your email address in order to send you that information. In such a case you will always be offered the option to opt in/out of further communication.

We will only use your personal data when we have a lawful basis for doing so. Typically, we will only use your personal data for the following reasons:

• To provide and support our online products and services.
• To process your order and to provide after-sales service. If your order requires shipping, we may pass your details to a courier service to deliver the products you have purchased.
• If you have opted to be kept informed of any of our products or services, we will use your email address in order to send you that information. In such a case you will always be offered the option to opt in or out of further communication.
• Where it's necessary for our legitimate interests or those of a third party, and where your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal or regulatory obligation.

We have categorised the data (including personal data) that we use as follows:

• Technical - your IP address, login credentials and the data sent by your browser, such as its type and version and your device's operating system.
• Activity - information about how you use our website(s).
• Contact - email address and telephone number.
• Communication - details of your communication preferences, such as whether or not you have consented to receive marketing information.
• Financial - your payment details.
• Transaction - details about payments to and from you and details of products and services you have purchased from us.

We have categorised the purposes we use the data for as follows:

Purpose	Category of data	Lawful basis for processing, including legitimate interest
Registration and logging in - when you create or log into an account on our website(s).	Identity, Technical, Contact, Communication	Contractual
Order processing - when you make a purchase from our website(s).	Identity, Technical, Contact, Communication, Financial, Transaction	Contractual, Legitimate Interest (e.g. to recover a debt)
Communication - when we need to inform you about things like changes to your account(s).	Identity, Contact, Communication	Contractual, Legal Obligation, Legitimate Interest (e.g. to keep our records up to date and accurate)
Support - when we provide technical support, or need to let you know about technical issues.	Identity, Technical, Contact, Communication	Contractual, Legal Obligation, Legitimate Interest (e.g. provision of services and security)
Marketing - when we suggest products or services that may be of interest to you.	Identity, Contact, Communication	Legitimate Interest (e.g. to develop our products and services and grow our business)
Analytics - when we use statistics and analysis to help us improve our website(s).	Technical, Activity	Legitimate Interest (e.g. provision of security, to learn how customers use our websites and services so that we can improve and develop them, and to inform our marketing strategy)

If we need to use your personal data for another purpose, we will try to ensure that it's compatible with the purposes described here. If it isn't completely compatible then we will notify you by updating this policy, explaining the legal basis for the new purpose.

Sub-processors

We may need to share your personal data with one or more third parties (our "sub-processors"), listed in the next section. We require third parties to respect the security of your personal data and to treat it in accordance with all applicable law. We do not allow third parties to use your personal data for their own purposes. We only permit third parties to process your personal data in accordance with our instructions and for the purposes we specify.

Some of the third parties that we might share your personal data with are outside the European Economic Area. When this is the case, we use written contracts to ensure that your personal data has the same or similar protections that it would have in the European Economic Area.

Our website(s)

We don't want to collect or share any more information about our visitors than we need to, or keep it for any longer than necessary, so we've separated the Widgit website (widgit.com) into subdomains, each with different functionality. These are listed below.

The Widgit website (widgit.com and shop.widgit.com)

Our main website, where you can browse and purchase our products and services.

What information we collect

The information we collect via the Widgit website may include:

• Any personal details you knowingly provide us with through forms, such as your name, address and telephone number.
• Your preferences and use of email subscription, recorded by emails we send you. For example, if you have selected to receive email updates on products and offers.
• Your IP Address. This is an address unique to your computer that is recorded when you request any page or component on the Widgit website. This information is used to monitor usage of the Widgit website and to help secure it.

Under no circumstances will we hold sensitive payment details such as your card number, expiry date or security code. All transactions on the Widgit website are handled through our accredited payment bureau, Opayo.

Data Retention (How long we keep personal data for)

If you have created an account but have not made any purchases and have not logged in for 12 months, your account will be deleted.

For tax reasons, we are legally required to keep basic information about our customers (including Contact, Identity, Financial and Transaction data as described) for 6 years after they cease being customers.

Sub-processors (Who we share personal data with)

• Amazon Web Services (EU)
  Widgit uses Amazon Web Services to host our main website (widgit.com).
• CloudFlare (Global)
  Widgit uses Cloudflare for content distribution, security and DNS services.
• Opayo (UK/EU)
  Widgit uses Opayo to process secure payments.
• The Education Company (UK)
  Widgit uses customer relationship management tools from The Education Company.
  They also host and support the "shop" area of our website (shop.widgit.com), using the following sub-processors:
  • Microsoft (Azure) (EU)
    Hosting.
  • DotDigital (UK)
    Transactional messaging.
  • Cloudflare (Global)
    Traffic optimisation and security.
• Sage (UK)
  Widgit uses Sage to securely process order details and invoices.
• Vision33 (UK)
  Widgit uses Vision33 to securely transfer order details.
• MailChimp (USA)
  Widgit uses MailChimp to send emails related to our products, services and general marketing.
• Microsoft (UK/EU/USA)
  Widgit uses Microsoft Office and related Microsoft services in day-to-day operations.
• ZenDesk (EU/USA)
  Widgit uses ZenDesk to manage support issues.
• Transglobal Express (UK)
  Widgit uses Transglobal Express to arrange shipping.
• Our International Partners
  Widgit products and services are sold outside the UK by our trusted international partners. If you have purchased our products or services from one of our international partners then they will be able to help with sales and support issues.

Cookies and local storage

The Widgit website uses a number of cookies, which are described below.

The Widgit website also uses the "ZenDesk Web Widgit" to enable visitors to chat to our support team, AddSearch to enable searching the website, and YouTube for embedded videos.

Cookie	Owner	Duration	Description
AWSALBTG	widgit.com	7 days	Load balancing
AWSALBTGCORS	widgit.com	7 days	Load balancing
__RequestVerificationToken	shop.widgit.com	Browser session	Security token
__cflb	shop.widgit.com	A few seconds	Load balancing
point_enabled	widgit.com	90 days	Widgit uses 'Point' to support the text on our web pages. Point is on by default. If you turn 'Point' on or off then it will use a cookie to remember your choice.

Widgit Accounts (auth.widgit.com)

Widgit's secure authentication service, which you can use to log into our products and services.

What information we collect

The information we collect via Widgit Accounts may include:

• Your email address, which you provide to identify yourself.
• Your IP Address. This is an address unique to your computer that is recorded when you request any page or component on the Widgit Accounts website. This information is used to monitor usage of the website and to help secure it.

Data Retention (How long we keep personal data for)

If your Widgit Accounts login is not associated with any Widgit service (e.g. the Widgit website), it will be deleted after 30 days.

Sub-processors (Who we share personal data with)

• Amazon Web Services (EU)
  Widgit uses Amazon Web Services to host Widgit Accounts (auth.widgit.com).
• CloudFlare (Global)
  Widgit uses Cloudflare for content distribution, security and DNS services.
• MailerSend (EU)
  Widgit uses MailerSend to send transactional emails related to Widgit Accounts.

Cookies and local storage

The Widgit Accounts website uses two cookies, which are described below.

Cookie	Owner	Duration	Description
cf_clearance	auth.widgit.com	30 minutes	Security token
_widgit-accounts_session	auth.widgit.com	Browser session	Security token

Product activation (activation.widgit.com)

Widgit's product activation service, where you can activate (and optionally register) our products and services.

What information we collect

The information we collect via the product activation service may include:

• Your product registration details. When you use the activation service, you can choose to provide your contact details (which may be personal information) for product registration. Your product registration details will only ever be used to identify you as the owner of the product, and only then when there is a good reason for doing so; for example, to enable you to qualify for a discount when you upgrade from a previous version of the product but did not purchase the previous version directly from Widgit.

  You can access, edit, delete, restrict the use of, or request a copy of your product registration details by contacting Widgit. You may need to provide your product key and some of your registration details to confirm that you are the registered product owner.

• Your IP Address. This is an address unique to your computer that is recorded when you request any page or component on the Widgit Accounts website. This information is used to monitor usage of the website and to help secure it.

Data Retention (How long we keep personal data for)

Your product registration details may be kept for up to two years after update support for that version of the product ends (to enable discretionary extended product support).

Sub-processors (Who we share personal data with)

• Amazon Web Services (EU)
  Widgit uses Amazon Web Services to host the product activation service (activation.widgit.com).
• CloudFlare (Global)
  Widgit uses Cloudflare for content distribution, security and DNS services.
• MailerSend (EU)
  Widgit uses MailerSend to send transactional emails related to product activation.

Cookies and local storage

The product activation service website uses two cookies, which are described below.

Cookie	Owner	Duration	Description
_bubblewrap_server_session	activation.widgit.com	Browser session	Security token
lang	activation.widgit.com	1 year	Language selection

Other websites

This privacy policy relates to Widgit's websites and services. Any other websites which may be linked to by our websites are subject to their own policy, which may differ from ours.

---